refreshing Windows servers

I need to refresh some servers and have a few questions. They are currently Dell servers running Windows 2003, and I will refresh them to new Dell R710s on Windows 2008.

- If I want to keep the same name, would all I need to do be to bring down the old server, build up the new server, name it the same name and make sure the IP address is the same? Is there anything I need to do in AD after this? Do I need to do any type of SID changes or anything?

- Also, I have a USB hard drive that was a file share that has security permissions on it. If I unplug it and plug it into a new server, how can I maintain the security permissions on it? Or do I have to set all the permissions over again?

SBS doesn't seem to be mentioned by the OP. Simply giving the computer the same name and IP address will not make it the same object to Active Directory. The SID makes sure of that. DNS CNAMES are good for this purpose. If you point your clients to the CNAME instead of the server's actual hostname, you can do whatever you want to the server, as long as the CNAME points to a valid host.

How is the data on the USB drive accessed (over a share)? What type of security NTFS/Domain?

When you say "bring down the old server", does that mean drop it from the domain?

If so, then when you bring up the new server and add it to the domain with the same name as the old server, a new computer account will be created and the SIDs will not matter. You will need to recreate all the shares on the new server.

Is there data on the old server that has to be moved to a new server or is it all on the USB?

Where does your data live? I am doing multiple servers, but on the USB hard drive file server the data is on the USB drive.

How is the data on the USB drive accessed (over a share)? What type of security NTFS/Domain? It is on a share and uses NTFS permissions.

When you say "bring down the old server", does that mean drop it from the domain? Yes we need to decommission the server.

If so, then when you bring up the new server and add it to the domain with the same name as the old server, a new computer account will be created and the SIDs will not matter. You will need to recreate all the shares on the new server.

Is there data on the old server that has to be moved to a new server or is it all on the USB? Most of the servers do not need data, but on the server with the USB drive, the drive will need to be unplugged then plugged into the new server. This will make it lose all its permissions.

Firebar: I can just give the new servers a different name on most of the servers, but there are a few where it would be much easier to keep the name. Is it in any way possible to bring a new server online with the same name and transfer the SID to it somehow, even if it's hard to do?

1. Build the new machines with new names and new IP#
2. Rename the old Servers and change their IP#s Before you take them out,...leave them in place,...leave them running. This will prevent conflicts in Networking, AD Memberships, DNS Records, and WINS.
3. Once DNS, WINS, and the Machine accounts have settled on the changes to the old server,...then,..and only then,...rename the new machine to take the old name and change the IP to take the old IP#. Then give DNS, WINS, and AD Member Accounts time to auto-correct,...again.
4. Depending on the software running on the server,...renaming or changing IP#s can break the software,...so you may have to hold off on the software installations until last. So this means you will have down time in such cases.
5. Most software cannot be "moved",...it has to be installed fresh,...then import whatever data it thrives on from the old machine.

pwindell is right. You don't need to worry about SIDs at all. To answer your question about the USB drive, 'thomastxiee' is incorrect. Moving the USB drive from one server to another will not cause the NTFS permissions to be lost. Actually it is quite the opposite, as long as your NTFS permissions are AD related (which in your case, when you say it is a file share, they should be). So you can basically unplug the USB drive from the old server and plug it in to the new server.
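The condition in the post above (permissions that are "AD related") can be checked before the drive is moved. The following read-only audit is an added example, not part of the original thread: it lists explicit NTFS ACEs on the volume whose SID does not belong to the current domain or cannot be resolved. The drive letter `E:\`, Windows PowerShell 3.0 or later, and a session running under a domain account are assumptions.

```powershell
# Added example (not from the thread): read-only audit of explicit NTFS ACEs on a volume.
# Assumptions: volume is E:\, Windows PowerShell 3.0+, run elevated under a DOMAIN account.
param([string]$Root = 'E:\')

$sidType  = [System.Security.Principal.SecurityIdentifier]
$acctType = [System.Security.Principal.NTAccount]

# Domain SID is derived from the account running the script.
$domainSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.AccountDomainSid
if ($null -eq $domainSid) { throw 'Run this under a domain user account, not SYSTEM or a service SID.' }

function Get-AceOrigin($sid) {
    # Well-known SIDs (S-1-5-32-544, S-1-5-18, ...) carry no account-domain part.
    if ($null -eq $sid.AccountDomainSid)          { return 'WellKnown' }
    if ($sid.AccountDomainSid.Equals($domainSid)) { return 'Domain' }
    # Anything else was issued by another SAM: typically the old server's local accounts.
    return 'OtherMachineOrDomain'
}

# Root folder plus every subfolder; inherited ACEs are skipped so each grant is listed once.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer })

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $sid    = $ace.IdentityReference
        $origin = Get-AceOrigin $sid
        try   { $name = $sid.Translate($acctType).Value }
        catch { $name = '<unresolved>' }   # deleted account, or a SAM this host cannot query

        # Domain ACEs that resolve will follow the drive; report everything else.
        if (($origin -ne 'Domain') -or ($name -eq '<unresolved>')) {
            [pscustomobject]@{
                Path   = $folder.FullName
                Sid    = $sid.Value
                Name   = $name
                Origin = $origin
                Rights = $ace.FileSystemRights
                Type   = $ace.AccessControlType
            }
        }
    }
}

$findings | Sort-Object Origin, Path | Format-Table -AutoSize
```

Rows marked `OtherMachineOrDomain` will show as bare SIDs on the new server and grant nothing there. Rows marked `WellKnown` (for example `BUILTIN\Users`) keep the same SID on every machine but resolve to the new server's own local group, whose membership may differ.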

For the record, only for the sake of discussion...and I'm not saying you should do it,....in fact I am saying don't do it,...but it is possible to write a SID from a previous machine to a different machine if it is Server2003 and older or if it is XP and older. The small tool called NewSID will do it because it lets you pick a specific SID to apply rather than a random SID which is what you would normally do.

I don't think it is possible with Server2008, Vista, or Win7.

But,...don't do it!!!,...I'm just stating that it can be done,...there are a lot of bad things that you aren't supposed to do that can be done.

BTW, I would not keep any important data on just a USB drive that isn't protected by RAID AND good backups. Copy the data to an internal or external RAID array using robocopy. If you use the /sec switch, robocopy will grab the NTFS permissions.
